AMENDMENTS to the CLAIMS

The following listing of claims highlights changes between the last set of amended claims,
as relied upon in the Office Action dated May 20, 2004, and the newly amended claims. These
newly amended claims will replace all prior versions, and listings, of claims in the application:



Listing of the Claims 

Claim 79 (currently amended): A system for transfer of secure data on a network comprising: 

a) a client capable of presenting conforming client data; 

b) a server capable of using said conforming client data to create [[at least one
secure cookie]] at least two secure cookies, each of said [[at least one secure
cookie]] at least two secure cookies including:

i) a domain field capable of holding domain data to associate said 
secure cookie to a domain where said secure cookie is valid; 

ii) at least one name field capable of holding name data; 

iii) at least one value field capable of holding value data derived from 
said conforming client data; and 

iv) an expiration field capable of holding cookie expiration data; 

c) a network capable of transporting at least one of said [[at least one secure
cookie]] at least two secure cookies between said server and said client;

d) a client storage means capable of storing at least one of said [[at least one
secure cookie]] at least two secure cookies; and

e) a secure attribute service between said client and said server using said at
least one of said [[at least one secure cookie]] at least two secure cookies,

wherein at least one of said [[at least one secure cookie]] at least two secure cookies is
[[one of the following:]]

[[a) an authentication cookie;]]

[[b) a seal cookie, capable of being used by said server to determine if at least
one of said at least one secure cookie has been altered; and]]

[[c)]] a key cookie containing an encrypted session key, said session key capable
of encrypting said value data contained in another of said [[at least one
secure cookie]] at least two secure cookies.

Claim 80 (previously added): A system according to claim 79, wherein said client is a web 
browser. 

Claim 81 (canceled) 

Claim 82 (previously added): A system according to claim 79, wherein said secure attribute 
service includes said server authenticating said client by comparing said conforming 
client data with said value data. 
Claim 83 (currently amended): A system according to claim [[79]] 119, wherein said
authentication cookie is an IP cookie and said conforming client data includes the IP
address of said client.

Claim 84 (currently amended): A system according to claim [[79]] 119, wherein said
authentication cookie is a password cookie and said conforming client data includes a
password.

Claim 85 (previously added): A system according to claim 84, wherein said password is 
processed using a hashing algorithm. 

Claim 86 (previously added): A system according to claim 84, wherein said password is 
processed using an encryption algorithm. 

Claim 87 (currently amended): A system according to claim [[79]] 119, wherein said
authentication cookie is a sign cookie and said conforming client data includes a digital
signature on a timestamp.

Claim 88 (currently amended): A system according to claim [[79]] 119, further including a
secret-key based authentication service.

Claim 89 (previously added): A system according to claim 88, and wherein said authentication 
cookie is a KT cookie and said conforming client data includes a Kerberos ticket created 
using a Kerberos protocol. 

Claim 90 (currently amended): A system according to claim 79, wherein at least one of said
[[at least one secure cookie]] at least two secure cookies includes a multitude of secure cookies.

Claim 91 (canceled) 

Claim 92 (currently amended): A system according to claim [[79]] 118, wherein said seal cookie
includes an integrity check value.

Claim 93 (currently amended): A system according to claim [[79]] 118, wherein said seal cookie
includes the signature of a message digest signed using a private key.

Claim 94 (previously added): A system according to claim 79, wherein at least one of said at 
least one name field and at least one of said at least one value field are a pair. 

Claim 95 (currently amended): A system according to claim 79, wherein at least one of said
[[at least one secure cookie]] at least two secure cookies further includes a flag, said flag
specifying whether all machines within said domain referenced by said domain data can
access said value data.

Claim 96 (canceled) 
Claim 97 (currently amended): A system according to claim 79, wherein at least one of said
[[at least one secure cookie]] at least two secure cookies is used in an electronic transaction.

Claim 98 (currently amended): A system according to claim 79, wherein said system is part of a
role based access control system and at least one of said [[at least one secure cookie]] at least
two secure cookies is used in assigning client roles.

Claim 99 (currently amended): A method for the transfer of secure data on a network including 
the steps of: 

a) a client making a request from a server;

b) said server retrieving conforming client data; 

c) said server creating [[at least one secure cookie]] at least two secure cookies,
each of said [[at least one secure cookie]] at least two secure cookies
including selected conforming client data, said selected conforming data
including at least some of said conforming client data;

d) said server transmitting at least one of said [[at least one secure cookie]] at
least two secure cookies to said client;

e) said client storing at least one of said [[at least one secure cookie]] at least
two secure cookies;

f) said client presenting to a related server at least one of said stored [[at least
one secure cookie]] at least two secure cookies with a second request, said
related server residing on the same domain as said server;

g) said related server making a determination of whether at least one of said
at least one retrieved stored [[at least one secure cookie]] at least two secure
cookies contains said selected conforming client data; and

h) said related server fulfilling said second request if said determination is 
positive[[,]];

wherein at least one of said [[at least one secure cookie]] at least two secure cookies is
[[one of the following:]]

[[a) an authentication cookie;]]

[[b) a seal cookie, capable of being used by said server to determine if at least
one of said at least one secure cookie has been altered; and]]

a key cookie containing an encrypted session key, said session key capable
of encrypting said value data contained in another of said [[at least one
secure cookie]] at least two secure cookies.

Claim 100 (previously added): A method of claim 99 wherein at least some of said conforming 
client data is retrieved from said client. 

Claim 101 (previously added): A method of claim 99, wherein said conforming client data 
includes a client's IP address.

Claim 102 (previously added): A method of claim 99, wherein said conforming client data 
includes a password. 
Claim 103 (previously added): A method of claim 99, wherein said conforming client data
includes a Kerberos ticket. 

Claim 104 (previously added): A method of claim 99, wherein said conforming client data 
includes a digital signature. 

Claim 105 (previously added): A method of claim 104, wherein said determination further 
includes verifying that said digital signature belongs to said client. 

Claim 106 (previously added): A method of claim 99, further including the step of said server 
encrypting at least some of said selected conforming client data. 

Claim 107 (previously added): A method of claim 106, wherein said encrypting uses a public
key.

Claim 108 (previously added): A method of claim 106, wherein said encrypting uses a secret 
key. 

Claim 109 (previously added): A method of claim 106, further including the step of said server 
decrypting said encrypted selected conforming client data using a private key. 

Claim 110 (previously added): A method of claim 106, further including the step of said server 
decrypting said encrypted selected conforming client data using a secret key. 

Claim 111 (previously added): A method of claim 99, further including the step of said server
hashing at least some of said conforming client data. 

Claim 112 (previously added): A method of claim 99, wherein said conforming client data
includes data derived from at least one item from the group consisting of: 

a) the client's IP address; 

b) a password; 

c) a Kerberos ticket; 

d) credit card data; 

e) social security number; 

f) a digital signature of the client; and 

g) a home address. 

Claim 113 (previously added): A method of claim 99, wherein said determination is positive
only if said selected conforming client data was retrieved by said server from said client
during the current session.

Claim 114 (previously added): A method of claim 99, wherein said secure cookie contains a
digital signature of said client on a time-stamp. 
Claim 115 (currently amended): A method of claim 99, further including the step of providing
integrity to at least one of said [[at least one secure cookie]] at least two secure cookies
comprising:

a) said server creating integrity data from at least one of said [[at least one
secure cookie]] at least two secure cookies, said integrity data including at
least one item selected from the group:

i) encrypted said selected conforming client data; 

ii) a digital signature; and 

iii) a message digest; 

b) said server inputting said integrity data into a seal cookie; and 

c) said server storing said seal cookie. 

Claim 116 (previously added): A method of claim 99, wherein said request is part of an
electronic transaction. 

Claim 117 (previously added): A method of claim 99, wherein said request is part of an
attribute-based access control function.

Claim 118 (new): A system for transfer of secure data on a network comprising:

a) a client capable of presenting conforming client data; 

b) a server capable of using said conforming client data to create at least two 
secure cookies, each of said at least two secure cookies including: 

i) a domain field capable of holding domain data to associate said 
secure cookie to a domain where said secure cookie is valid; 

ii) at least one name field capable of holding name data; 

iii) at least one value field capable of holding value data derived from
said conforming client data; and 

iv) an expiration field capable of holding cookie expiration data; 

c) a network capable of transporting at least one of said at least two secure 
cookies between said server and said client; 

d) a client storage means capable of storing at least one of said at least two 
secure cookies; and 

e) a secure attribute service between said client and said server using said at 
least one of said at least two secure cookies; and 

wherein at least one of said at least two secure cookies is a seal cookie, capable of 
being used by said server to determine if at least one of said at least two 
secure cookies has been altered.

Claim 119 (new): A system according to claim 79, wherein at least one of said at least two
secure cookies is an authentication cookie. 

Claim 120 (new): A method for the transfer of secure data on a network including the steps of:

a) a client making a request from a server;

b) said server retrieving conforming client data; 
c) said server creating at least two secure cookies, each of said at least two
secure cookies including selected conforming client data, said selected 
conforming data including at least some of said conforming client data; 

d) said server transmitting at least one of said at least two secure cookies to 
said client; 

e) said client storing at least one of said at least two secure cookies; 

f) said client presenting to a related server at least one of said stored at least 
two secure cookies with a second request, said related server residing on 
the same domain as said server; 

g) said related server making a determination of whether at least one of said 
at least one retrieved stored at least two secure cookies contains said 
selected conforming client data; and 

h) said related server fulfilling said second request if said determination is 
positive; 

wherein at least one of said at least two secure cookies is a seal cookie, capable of being 
used by said server to determine if at least one of said at least two secure cookies has 
been altered. 

Claim 121 (new): A method according to claim 99, wherein at least one of said at least two 
secure cookies is an authentication cookie. 
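
An added illustration, not part of the filing or of the applicant's implementation: a Python example of the seal cookie recited in claims 115, 118 and 120, combined with the IP cookie comparison of claims 82 and 83. The HMAC-SHA-256 integrity check value, the server key, the cookie names `IP`, `Role` and `Seal`, and the `issue` and `verify` helpers are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Assumption: one server-held secret keys the seal; the claims fix no key scheme.
SERVER_KEY = b"constructed-demo-key"


def _canonical(cookies):
    """Serialize domain, name, value and expiration of every non-seal cookie."""
    rows = sorted((c["domain"], c["name"], c["value"], str(c["expires"]))
                  for c in cookies if c["name"] != "Seal")
    # Length-prefix each field so bytes cannot be shifted between fields.
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode()
                    for row in rows for f in row)


def _tag(cookies, key):
    return hmac.new(key, _canonical(cookies), hashlib.sha256).hexdigest()


def issue(domain, client_ip, role, ttl=3600, key=SERVER_KEY, now=None):
    """Server: create an IP cookie and a role cookie, then seal the set."""
    expires = int(time.time() if now is None else now) + ttl
    cookies = [
        {"domain": domain, "name": "IP", "value": client_ip, "expires": expires},
        {"domain": domain, "name": "Role", "value": role, "expires": expires},
    ]
    cookies.append({"domain": domain, "name": "Seal",
                    "value": _tag(cookies, key), "expires": expires})
    return cookies


def verify(cookies, client_ip, key=SERVER_KEY, now=None):
    """Related server: accept only an unaltered, unexpired set bound to this IP."""
    now = int(time.time() if now is None else now)
    by_name = {c["name"]: c for c in cookies}
    if "Seal" not in by_name or "IP" not in by_name:
        return False
    presented = by_name["Seal"]["value"].encode()
    if not hmac.compare_digest(_tag(cookies, key).encode(), presented):
        return False  # a sealed field was altered, added or removed
    if any(c["expires"] <= now for c in cookies):
        return False
    # Claims 82-83: compare the stored value data with the client's current IP.
    return hmac.compare_digest(by_name["IP"]["value"].encode(), client_ip.encode())
```

Because the seal covers the domain, name, value and expiration fields of every other cookie in the set, changing the role value or extending an expiration invalidates the whole set rather than only the edited cookie.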